Reply To: Net firewall is not statefull

first of all I excuse for I’m late on answering you, I was busy with university: my porfessor Federico Simonetti of University of Milan says hello to you

My warm regards to Federico, I hope he is doing well 🙂

What I’d like to ask you is: is there any way to make NetFW look at the PORT command in the control connection on 21 TCP port to automatically open the port the server wants to use to transfer data? As an example, Netfilter/IpTables can do it, and other commercial firewalls as well.

Yes this is possible but, heh, not implemented yet and the only known solution is opening port 20 for everyone. 😕 Dynamic rules (temporary rules created under certain conditions) are planned to be implemented, but it still needs time. In the meantime only Stealth 3rd level takes into account FTP protocol realization details so outgoing FTP can work in active mode.